Changelog¶
2.13.1 (2022-08-02)¶
Bugfixes¶
2.13.0 (2022-06-24)¶
Features¶
Added support for streaming artifacts from object storage. #731
Bugfixes¶
Fixed the machinery for building OCI images. #461
Fixed the regular expression for matching base paths in distributions. #756
Fixed generation of the redirect url to the object storage #767
Enforced the reference to manifests from tags. Note that this bugfix introduces a migration that removes tags without any reference to the manifests. #789
Improved image upload process from podman/docker clients. These clients send data as one big chunk hence we don’t need to save it as chunk but as an artifact directly. #797
Fixed upload does not exist error during image push operation. #861
Improved Documentation¶
Improved the documentation for RBAC by adding a new section for roles and a new section for migrating from permissions to roles. #641
Misc¶
2.12.1 (2022-05-12)¶
Misc¶
2.12.0 (2022-05-05)¶
Features¶
Bugfixes¶
Fixed url of the registry root endpoint during signature source check. #646
Fixed sync of signed content failing with the error DeclarativeContent’ object has no attribute ‘d_content’. #654
Fixed group related creation hooks that failed if no current user could be identified. #673
Fixed other instances of fd leak. #679
Removed Namespace validation. Namespaces are managed transparently on behalf of the user. #688
Fixed some tasks that were using /tmp/ instead of the worker working directory. #696
Fixed the reference to a serializer for building images. #718
Fixed the regular expression for matching dockerhub URLs. #736
Improved Documentation¶
Added docs for client signature verification policy. #530
Misc¶
2.11.0 (2022-03-16)¶
Features¶
Allow upload of non-distributable layers. #462
Added support for pushing manifest lists via the Registry API. #469
Added support for cross repository blob mount. #494
Added support for caching responses from the registry. The caching is not enabled by default. Enable it by configuring the Redis connection and defining
CACHE_ENABLED = True
in the settings file. #496Added model, serializer, filter and viewset for image manifest signature. Added ability to sync manifest signatures from a sigstore. #498
Added ability to sign container images from within The Pulp Registry. manifest_signing_service is used to produce signed container content. #500
Added support for pushing image signatures to the Pulp Registry. The signatures can be pushed by utilizing the extensions API. #502
Added an extensions API endpoint for downloading image signatures. #504
Enabled users to import/export image signatures. #506
Ported RBAC implementation to use pulpcore roles. #508
Added recursive removal of manifest signatures when a manifest is removed from a repository. #511
Added support for syncing signatures using docker API extension. #528
Added ability to remove signatures from a container(push) repo. #548
Don’t reject manifest that has non-distributable layers during upload. #598
Bugfixes¶
Don’t store blob’s media_type on the model. There is no way to say what mimetype it has when it comes into the registry. #493
Account for case when token’s scope does not contain type/resource/action. #509
Fixed content retrieval from distribution when repo is removed. #513
Fixed file descriptor leak during image push. #523
Fixed “manifest_id” violates not-null constraint error during sync. #537
Fixed error during container image push. #542
Return a more concise message exception on 500 during image pull when content is missing on the FS. #555
Fixed a bug that disallowed users who were authenticated by a remote webserver to access the Registry API endpoints when token authentication was disabled. #558
Successfully re-upload artifact in case it was previously removed. #595
Fixed check for the signature source location. #617
Accept token under access_token for compat reasons. #619
Misc¶
2.10.3 (2022-04-05)¶
Bugfixes¶
2.10.2 (2022-03-04)¶
Bugfixes¶
2.10.1 (2022-02-15)¶
Bugfixes¶
2.10.0 (2021-12-14)¶
Features¶
2.9.4 (2022-03-04)¶
Bugfixes¶
2.9.3 (2022-02-15)¶
Bugfixes¶
2.9.2 (2022-02-08)¶
Bugfixes¶
Added validation for the supported manifests and blobs media_types in the push operation. #8303
Fixed ORM calls in the content app that were made in async context to use sync_to_async. #9454
Fixed a failure during distribution update that occured when unsetting repository_version. #9497
Corrected value of
Content-Length
header for push upload responses. This fixes the upstream prematurely closed connection while reading upstream error that would appear in nginx logs after a push operation. #9516Fixed headers and status codes in the upload/blob responses during image push. #9568
Send proper blob content_type header when the blob is served. #9571
Fixed a bug that caused container clients to be unable to interact with content stored on S3. #9586
Fixed a bug, where permissions were checked against the wrong object type. #9589
Misc¶
2.9.1 (2021-11-23)¶
Bugfixes¶
Fixed ORM calls in the content app that were made in async context to use sync_to_async. (Backported from https://pulp.plan.io/issues/9454). #9538
Corrected value of
Content-Length
header for push upload responses. This fixes the upstream prematurely closed connection while reading upstream error that would appear in nginx logs after a push operation (Backported from https://pulp.plan.io/issues/9516). #9539Fixed Azure storage backend support (Backported from https://pulp.plan.io/issues/9488). #9540
2.9.0 (2021-10-06)¶
Bugfixes¶
Misc¶
2.8.7 (2022-04-05)¶
Bugfixes¶
Accept token under access_token for compat reasons. #619
2.8.6 (2022-03-04)¶
Bugfixes¶
2.8.5 (2022-02-15)¶
Bugfixes¶
2.8.4 (2022-01-27)¶
Bugfixes¶
Fixed “manifest_id” violates not-null constraint error during sync. #537
2.8.3 (2021-12-09)¶
Bugfixes¶
Fixed a bug that caused container clients to be unable to interact with content stored on S3. (Backported from https://pulp.plan.io/issues/9586). #9601
Fixed rate_limit option on the remote which was ignored during the downloads. Rate limit defines N req/sec per connection ( backported from https://pulp.plan.io/issues/9610). #9610
2.8.2 (2021-11-23)¶
Bugfixes¶
Corrected value of
Content-Length
header for push upload responses. This fixes the upstream prematurely closed connection while reading upstream error that would appear in nginx logs after a push operation (Backported from https://pulp.plan.io/issues/9516). #9521Fixed ORM calls in the content app that were made in async context to use loop.run_in_executor(). #9522
Fixed Azure storage backend support (Backported from https://pulp.plan.io/issues/9488). #9523
Added validation for a repository base path (Backported from https://pulp.plan.io/issues/9403). #9526
2.8.1 (2021-09-07)¶
Bugfixes¶
Refactor sync pipeline to fix a race condition with multiple synchronous syncs. (backported from #9292) #9334
2.8.0 (2021-08-04)¶
Features¶
Bugfixes¶
Use proxy auth credentials when syncing content from a Remote. #9065
Deprecations and Removals¶
Dropped support for Python 3.6 and 3.7. pulp_container now supports Python 3.8+. #9035
Misc¶
2.7.1 (2021-07-21)¶
Bugfixes¶
Use proxy auth credentials when syncing content from a Remote. (backported from #9065) #9067
2.7.0 (2021-07-01)¶
Features¶
As a user I can update container push repositories. #8313
Bugfixes¶
2.6.0 (2021-05-20)¶
Features¶
Added ability for users to add a Remote to a Repository that is used by default when syncing. #7795
Bugfixes¶
Fixed a bug where image push of the same tag with docker client ended up in the different manifest upload. Updated Range header in the blob upload response so it is inclusive. #8543
Add a fix to prevent server errors on push of new repositories including multiple layers. #8565
Fixed apache snippet config and removed scheme #8573
Do not suggest a time to wait on 429 responses. This allows clients to decide to play nice and increase backoff times. #8576
Fix a bug where users with container.namespace_change_containerdistribution couldn’t change distributions. #8618
Fixed compution of the digest string during the manifest conversion so it also contains the algorithm. #8629
Create and return empty_blob on the fly. #8631
Fixed “connection already closed” error in the Registry handler. #8672
Improved Documentation¶
Fixed broken links to API guide #8125
Misc¶
2.5.5 (2022-02-15)¶
Bugfixes¶
2.5.4 (2021-12-14)¶
Bugfixes¶
Improved error logging on failed image push. (Backported from https://pulp.plan.io/issues/8879). #8888
Fixed access policy for the container repository
repair
endpoint. (Backported from https://pulp.plan.io/issues/8884). #8889Fixed a bug that caused container clients to be unable to interact with content stored on S3. (Backported from https://pulp.plan.io/issues/9586). #9600
2.5.3 (2021-05-20)¶
Bugfixes¶
Fixed “connection already closed” error in the Registry handler. (backported from #8672) #8697
Fixed compution of the digest string during the manifest conversion so it also contains the algorithm. (backported from #8629) #8698
Create and return empty_blob on the fly. (backported from #8631) #8699
Do not suggest a time to wait on 429 responses. This allows clients to decide to play nice and increase backoff times (Backported from #8576). #8703
2.5.2 (2021-04-19)¶
Bugfixes¶
Add a fix to prevent server errors on push of new repositories including multiple layers. (Backported from https://pulp.plan.io/issues/8565) #8591
2.5.1 (2021-04-13)¶
Bugfixes¶
Fixed a bug where image push of the same tag with docker client ended up in the different manifest upload. Updated Range header in the blob upload response so it is inclusive. (Backported from https://pulp.plan.io/issues/8543) #8545
2.5.0 (2021-04-08)¶
Features¶
Bugfixes¶
Wrapped the repository version creation during blob upload commit in a task that will be waited on by issuing 429. #8151
Improved Documentation¶
Released container RBAC from tech-preview. #8527
2.4.0 (2021-03-18)¶
Features¶
Added pagination to the _catalog and the tags/list endpoint in the registry API. #7974
Added a fall back to use BasicAuth if TOKEN_AUTH_DISABLED is set. #8074
Added a new API endpoint that allows users to remove an image by a digest from a push repository. #8105
Added a namespace_is_username helper to decide whether the namespace matches the username of the requests user. Changed the namespace access_policy to allow users without permissions to create the namespace that matches their username. #8197
Bugfixes¶
Fixed the
scope
field returned by the registry when a user was accessing the catalong endpoint without a token. In addition to that, the fieldaccess
returned by the token server for the root endpoint was fixed as well. #8045Added missing error code that should be returned in the WWW-Authenticate header. #8046
Fixed a bug that caused the registry to fail during the schema conversion when there was not provided the field
created_by
. #8299Prevent the registry pagination classes to fail if a negative page size is requested. #8318
2.3.1 (2021-02-15)¶
Bugfixes¶
Use
get_user_model()
to prevent pulp_container from crashing when running alongside other pulp plugins that override the default user authentication models. #8260
2.3.0 (2021-02-08)¶
Features¶
Added access policy and permission management to container repositories. #7706
Added access policy and permission management to the container remotes. #7707
Added access policy for ContainerDistributionViewSet and the Registry API. #7937
Added access policy and permission management to the container namespaces. #7967
Added RBAC to the push repository endpoint. #7968
Add RBAC to the repository version endpoints. #8017
Made the push and pull permission granting use the
ContainerDistribution
access policy. #8075Added Owner, Collaborator, and Consumer groups and permissions for Namespaces and Repositories. #8101
Added a private flag to mark distributions global read accessability. #8102
Added support for tagging and untagging manifests for push repositories. #8104
Added RBAC for container content. #8142
Made the token expiration time configurable via the setting ‘TOKEN_EXPIRATION_TIME’. #8147
Decoupled permissions for registry live api and pulp api. #8153
Add description field to the ContainerDistribution. #8168
Bugfixes¶
Fixed a bug that caused the registry to advertise an invalid digest of a converted manifest. #7923
Fixed the way how the plugin verifies authenticated users in the token authentication. #8057
Adjusted the queryset filtering of
ContainerDistribution
to includeprivate
andNamespace
permissions. #8206Fixed bug experienced when pulling using docker 20.10 client. #8208
Deprecations and Removals¶
POST and DELETE requests are no longer available for /pulp/api/v3/repositories/container/container-push/. Push repositories are still automatically created via docker/podman push and deleted through container distributions. #8014
Misc¶
2.2.2 (2021-05-26)¶
Bugfixes¶
Fixed compution of the digest string during the manifest conversion so it also contains the algorithm. (Backported from https://pulp.plan.io/issues/8629). #8818
Create and return empty_blob on the fly. (Backported from https://pulp.plan.io/issues/8654). #8819
Fixed “connection already closed” error in the Registry handler. (Backported from https://pulp.plan.io/issues/8672). #8820
2.2.1 (2021-03-18)¶
Bugfixes¶
Fixed a bug that caused the registry to fail during the schema conversion when there was not provided the field
created_by
. (Backported from https://pulp.plan.io/issues/8299) #8349Fixed a bug that caused the registry to advertise an invalid digest of a converted manifest. (Backported from https://pulp.plan.io/issues/7923) #8350
Fixed bug experienced when pulling using docker 20.10 client. (Backported from https://pulp.plan.io/issues/8208) #8367
2.2.0 (2020-12-09)¶
Features¶
Bugfixes¶
Fixed the value of registry_path in a container distribution. #7385
Added validation for tags’ names. #7506
Fixed Renderer to handle properly Manifest and Blob responses. #7620
Updated models fields to not use settings directly. #7728
Fixed a bug where Artifacts were missing sha224 checksum after podman push. #7774
Improved Documentation¶
Updated scripts to correctly show the workflows. #7547
Misc¶
2.1.3 (2022-05-12)¶
Misc¶
2.1.2 (2021-05-04)¶
Bugfixes¶
Create and return empty_blob on the fly (Backported from https://pulp.plan.io/issues/8631) #8654
Fixed compution of the digest string during the manifest conversion so it also contains the algorithm (Backported from https://pulp.plan.io/issues/8629). #8655
Fixed “connection already closed” error in the Registry handler (Backported from https://pulp.plan.io/issues/8672). #8685
2.1.1 (2021-03-08)¶
Bugfixes¶
Fixed Renderer to handle properly Manifest and Blob responses. (Backported from https://pulp.plan.io/issues/7620) #8346
Fixed a bug that caused the registry to advertise an invalid digest of a converted manifest. (Backported from https://pulp.plan.io/issues/7923) #8347
Fixed a bug that caused the registry to fail during the schema conversion when there was not provided the field
created_by
. (Backported from https://pulp.plan.io/issues/8299) #8348Fixed bug experienced when pulling using docker 20.10 client. (Backported from https://pulp.plan.io/issues/8208) #8366
2.1.0 (2020-09-23)¶
Bugfixes¶
Fixed the unnecessary double redirect issued for the S3 storage #6826
Improved Documentation¶
Documented how include/exclude_tags options work with mirror=True/False. #7380
2.0.1 (2020-09-08)¶
Bugfixes¶
Fixed bug where users would get 403 response when pulling from the registry running behind an HTTPS reverse proxy. #7462
2.0.0 (2020-08-18)¶
Features¶
Bugfixes¶
Updated the sync machinery to not store an image manifest as a tag’s artifact #6816
Added a validation, that a push repository cannot be distributed by specifying a version. #7012
Forbid the REST API methods PATCH and PUT to prevent changes to repositories created via docker/podman push requests #7013
Fixed the rendering of errors in the container registry api. #7054
Repaired broken registry with TOKEN_AUTH_DISABLED=True #7304
Improved Documentation¶
Updated docs for 2.0 GA. #7317
Deprecations and Removals¶
Renamed ‘whitelist_tags’ to ‘include_tags’. #7070
2.0.0b3 (2020-07-16)¶
Features¶
Redirected get on Manifest get to the content app to enable schema conversion. Repaired schema conversion to work with django-storage framework. #6824
Added ContainerPushRepository type to back writeable container registries. #6825
Added ContentRedirectContentGuard to redirect with preauthenticated urls to the content app. #6894
Restricted push access to admin user. #6976
Bugfixes¶
Refactored token_authentication that now happens in pulpcore-api app #6894
Fixed a crash when trying to access content with an unparseable token. #7124
Fixed a runtime error which was triggered when a registry client sends an accept header with an inappropriate media type for a manifest and the conversion failed. #7125
Misc¶
2.0.0b2 (2020-06-08)¶
Bugfixes¶
Fixed the client_max_body_size value in the nginx config. #6916
2.0.0b1 (2020-06-03)¶
Features¶
Added REST APIs for handling docker/podman push. #5027
Bugfixes¶
1.4.2 (2020-07-13)¶
Bugfixes¶
Improved the performance of the synchronization #6940
1.4.1 (2020-06-04)¶
Bugfixes¶
Including requirements.txt on MANIFEST.in #6890
1.4.0 (2020-05-28)¶
Features¶
Enable S3 as alternative storage. #4456
Bugfixes¶
Fixed webserver snippets config #6628
Improved Documentation¶
Added a new section about using pull secrets #6315
Misc¶
1.3.0 (2020-04-23)¶
Features¶
Added support for filtering tags using wildcards #6338
Misc¶
1.2.0 (2020-03-05)¶
Features¶
Bugfixes¶
Building an image from a Containerfile no longer requires root access. #5895
Misc¶
1.1.0 (2020-01-22)¶
Features¶
Bugfixes¶
Misc¶
1.0.0 (2019-12-12)¶
Features¶
Bugfixes¶
Allow users to provide fully qualified domain name of a token server with an associated port number #5779
Improved Documentation¶
Add note about access permissions for private and public keys #5778
Misc¶
1.0.0rc1 (2019-11-18)¶
Features¶
No duplicated content can be present in a repository version. #3541
Convert manifests of the format schema 2 to schema 1 #4244
Add support for pulling content using token authentication #4938
Store whitelisted tags in a list instead of CSV string #5515
Make repositories “typed”. Repositories now live at a detail endpoint. Sync is performed by POSTing to {repo_href}/sync/ remote={remote_href}. #5625
Added v2s2 to v2s1 converter. #5635
Bugfixes¶
Fix using specified proxy for downloads. #5637
Improved Documentation¶
Change the prefix of Pulp services from pulp-* to pulpcore-* #4554
Deprecations and Removals¶
Change _type to pulp_type #5454
Change _id, _created, _last_updated, _href to pulp_id, pulp_created, pulp_last_updated, pulp_href #5457
Remove “_” from _versions_href, _latest_version_href #5548
Removing base field: _type . #5550
Sync is no longer available at the {remote_href}/sync/ repository={repo_href} endpoint. Instead, use POST {repo_href}/sync/ remote={remote_href}.
Creating / listing / editing / deleting Container repositories is now performed on /pulp/api/v3/repositories/container/container/ instead of /pulp/api/v3/repositories/. Only Container content can be present in a Container repository, and only a Container repository can hold Container content. #5625
Misc¶
4.0.0b7 (2019-10-02)¶
Bugfixes¶
Misc¶
4.0.0b6 (2019-09-05)¶
Features¶
Add endpoint to recursively copy manifests from a source repository to a destination repository. #3403
Add endpoint to recursively add docker content to a repository. #3405
As a user I can sync from a docker repo published by Pulp2/Pulp3. #4737
Add support for tagging and untagging manifests via an additional endpoint #4934
Add endpoint for copying all tags from a source repository, or specific tags by name. #4947
Add ability to filter Manifests and ManifestTags by media_type and digest #5033
Add ability to filter Manifests, ManifestTags and Blobs by multiple media_types #5157
Add endpoint to recursively remove docker content from a repository. #5179
Bugfixes¶
Misc¶
4.0.0b5 (2019-07-04)¶
Bugfixes¶
Improved Documentation¶
Misc¶
4.0.0b4¶
Enable sync from registries that use basic auth or have private repos
Enable on_demand or streamed sync
Enable whitelist tags specification when syncing
Compatibility with pulpcore-plugin-0.1.0rc2
4.0.0b3¶
Enable sync from gcr and quay registries
Enable support to handle pagination for tags/list endpoint during sync
Enable support to manage a docker image that has manifest schema v2s1
Enable docker distribution to serve directly latest repository version
4.0.0b2¶
Compatibility with pulpcore-plugin-0.1.0rc1
Performance improvements and bug fixes
Add support for syncing repo with foreign layers
Change sync pipeline to use Futures to handle nested content
Make Docker distributions asyncronous
Add support to create publication directly
4.0.0b1¶
Add support for basic sync of a docker repo form a V2Registry
Add support for docker/podman pull from a docker distbution served by Pulp